SoylentNews is people

posted by mrpg on Friday June 18 2021, @09:00AM
from the 00aa23e67f100945c87d19e4012f dept.

WSJ: What Keeps People From Using Password Managers?

No pay wall: https://archive.is/HCtcT

Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.

Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.

[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.

[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.

[...] We discovered two types of “mooring factors” that keep people from changing their behavior.

[...] First, there was the effort required to enter all your passwords into the password manager.

[...] People also fear they will lose all their passwords if they forget their master password.


  • (Score: 0) by Anonymous Coward on Friday June 18 2021, @05:55PM (3 children)

    by Anonymous Coward on Friday June 18 2021, @05:55PM (#1147055)

    Surprised by all the negativity toward password managers here. But, I think some folks are confusing password managers in general with the ones that integrate into your web browser / a cloud service.

    One password to rule them all is actually a strength, not a weakness. I can remember a few really good passwords. One of these really good passwords is used for my password database. And, in using the password database, it allows me to have 1000s of unique good passwords which would have been impossible if I had to commit all of them to memory. If someone uses rubber hose cryptanalysis on me, they're going to get all the passwords they care about either way.

    A decent password manager is KeePassXC. It runs on nearly anything: *nix, Mac, Windows, etc., and where it doesn't run, there is a compatible app that can share the same password database file. It has a virtual keyboard function to "type" your passwords to avoid apps/websites stealing passwords by harvesting your clipboard, and it handles TOTP auth as well. There are quite a few options for password managers out there, e.g., 'pass' looks pretty interesting.

    After I make a change to my password DB, I sync it around to various computers at home and at work, and to my phone via scp and adb. Backing it up is part of my normal backup routine. No clouds.

  • (Score: 2) by hendrikboom on Sunday June 20 2021, @01:10AM (2 children)

    by hendrikboom (1125) on Sunday June 20 2021, @01:10AM (#1147376) Homepage Journal

    Is the KeePassXC password database distributed? Can it reasonably be managed with a distributed revision management system like, for example, monotone?
    (I pick monotone instead of git because I prefer it.)

    • (Score: 0) by Anonymous Coward on Sunday June 20 2021, @03:41PM (1 child)

      by Anonymous Coward on Sunday June 20 2021, @03:41PM (#1147510)

      You can distribute it using whatever file sync tools or services you like. One of the strengths of KeePass is that it isn't coupled to an online service; you can use none or whichever you like. Just make sure not to overwrite changes made on one computer with ones from another. If in doubt, you can manually sync databases from time to time. I recommend using a different file for sync than usage if you're going to sync between computers to prevent logins from being lost due to sync mistakes.

      • (Score: 2) by hendrikboom on Monday June 21 2021, @03:14PM

        by hendrikboom (1125) on Monday June 21 2021, @03:14PM (#1147685) Homepage Journal

        If the file consists of lines, and the lines are separately encrypted, and each database entry is a line, any decent distributed revision management tool should be able to handle the situation, requiring manual intervention only when there are conflicting changes.

        So my question becomes: is this so?
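
The layout hypothesized in the last comment (one separately encrypted entry per line) can be merged three-way without ever decrypting anything, as this added example shows; it is not part of the thread and not code from any password manager. The line format, the entry ids and the `ct-...` ciphertext tokens are constructed assumptions.

```python
# Added example: three-way merge of a line-per-entry store of opaque ciphertexts.
# Assumed (hypothetical) line format: "<entry_id>\t<ciphertext token>".
# All sample data below is constructed; the tokens stand in for real ciphertext.

def parse(text):
    """Map entry_id -> ciphertext for one revision of the store."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            entry_id, blob = line.split("\t", 1)
            entries[entry_id] = blob
    return entries

def merge3(base, ours, theirs):
    """Return (merged, conflicts); ciphertexts are compared, never decrypted."""
    merged, conflicts = {}, {}
    for entry_id in sorted(set(base) | set(ours) | set(theirs)):
        b, o, t = base.get(entry_id), ours.get(entry_id), theirs.get(entry_id)
        if o == t:        # identical on both sides (or deleted on both)
            pick = o
        elif o == b:      # only the other side changed or deleted it
            pick = t
        elif t == b:      # only our side changed or deleted it
            pick = o
        else:             # both sides changed it differently: manual review
            conflicts[entry_id] = (o, t)
            pick = o      # keep ours for now so no login is silently dropped
        if pick is not None:
            merged[entry_id] = pick
    return merged, conflicts

# Caveat: with randomized encryption, re-encrypting an unchanged entry alters
# its line, so a client must leave untouched lines byte-identical on save.
# Entry ids and the edit history are also readable by anyone with the repo.
BASE = "bank\tct-bank-v1\nmail\tct-mail-v1\nshop\tct-shop-v1\nforum\tct-forum-v1\n"
OURS = "bank\tct-bank-v2a\nmail\tct-mail-v1\nshop\tct-shop-v1\nforum\tct-forum-v1\nwiki\tct-wiki-v1\n"
THEIRS = "bank\tct-bank-v2b\nmail\tct-mail-v2\nforum\tct-forum-v1\n"

def demo():
    """Merge the constructed revisions: one conflict, one edit, one delete, one add."""
    return merge3(parse(BASE), parse(OURS), parse(THEIRS))

if __name__ == "__main__":
    merged, conflicts = demo()
    print("merged:", merged)
    print("needs manual review:", conflicts)
```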